close
close
Your Network of Tomorrow
Your Network of Tomorrow
Plan your path toward a faster, more secure, and more resilient network designed for the applications and users that you support.
          Experience Netskope
          Get Hands-on With the Netskope Platform
          Here's your chance to experience the Netskope One single-cloud platform first-hand. Sign up for self-paced, hands-on labs, join us for monthly live product demos, take a free test drive of Netskope Private Access, or join us for a live, instructor-led workshops.
            A Leader in SSE. Now a Leader in Single-Vendor SASE.
            A Leader in SSE. Now a Leader in Single-Vendor SASE.
            Netskope debuts as a Leader in the Gartner® Magic Quadrant™ for Single-Vendor SASE
              Securing Generative AI for Dummies
              Securing Generative AI for Dummies
              Learn how your organization can balance the innovative potential of generative AI with robust data security practices.
                Modern data loss prevention (DLP) for Dummies eBook
                Modern Data Loss Prevention (DLP) for Dummies
                Get tips and tricks for transitioning to a cloud-delivered DLP.
                  Modern SD-WAN for SASE Dummies Book
                  Modern SD-WAN for SASE Dummies
                  Stop playing catch up with your networking architecture
                    Understanding where the risk lies
                    Advanced Analytics transforms the way security operations teams apply data-driven insights to implement better policies. With Advanced Analytics, you can identify trends, zero in on areas of concern and use the data to take action.
                        The 6 Most Compelling Use Cases for Complete Legacy VPN Replacement
                        The 6 Most Compelling Use Cases for Complete Legacy VPN Replacement
                        Netskope One Private Access is the only solution that allows you to retire your VPN for good.
                          Colgate-Palmolive Safeguards its "Intellectual Property” with Smart and Adaptable Data Protection
                          Colgate-Palmolive Safeguards its "Intellectual Property” with Smart and Adaptable Data Protection
                            Netskope GovCloud
                            Netskope achieves FedRAMP High Authorization
                            Choose Netskope GovCloud to accelerate your agency’s transformation.
                              Let's Do Great Things Together
                              Netskope’s partner-centric go-to-market strategy enables our partners to maximize their growth and profitability while transforming enterprise security.
                                Netskope solutions
                                Netskope Cloud Exchange
                                Netskope Cloud Exchange (CE) provides customers with powerful integration tools to leverage investments across their security posture.
                                  Netskope Technical Support
                                  Netskope Technical Support
                                  Our qualified support engineers are located worldwide and have diverse backgrounds in cloud security, networking, virtualization, content delivery, and software development, ensuring timely and quality technical assistance
                                    Netskope video
                                    Netskope Training
                                    Netskope training will help you become a cloud security expert. We are here to help you secure your digital transformation journey and make the most of your cloud, web, and private applications.

                                      Understanding Security Service Edge (SSE) and SASE

                                      Sep 09 2021

                                      In this industry clarity is critical, and both SASE and the more-recently-coined security service edge (SSE) terminology, can be a little confusing. The difference between SASE and SSE at a high-level is: SASE conjoins security and networking while SSE unites only security measures into a single cloud instance. This is often why many consider SSE to be a subset of the larger SASE architecture. Let’s take a further look at what distinguishes SASE from SSE, and why both concepts are so fundamental to building cloud-centric security and networking architectures of the future.

                                      SASE: A Security and Networking Architecture

                                      SASE, first coined by research firm Gartner® in 2019, is a framework for designing security and networking architecture in a world where the use of cloud applications is now ubiquitous in business. The SASE framework includes both the technologies required and the way those technologies are integrated and delivered not only to match the flexibility and economics of cloud access but also to align with the evolution of evaluation, procurement, and deployment practices. 

                                      These are necessary changes. In a cloud-first, work-from-anywhere world whose requirements have been accelerated by a global pandemic, security must become perimeterless and must be able to follow a company’s most important asset—its data—with a level of contextual awareness sufficient to protect that data wherever and whenever it is accessed, everywhere it happens to be stored. 

                                      What’s more, all of this needs to smoothly transpire while maintaining fast and reliable network performance, which preserves the user experience, maximizes business, and helps users stay productive. SASE transitions essential networking and security capabilities to the cloud, eliminating perimeter-based appliances and legacy products. It provides safe and reliable access to web services, applications, and data, with zero trust principles applied throughout to achieve continuous adaptive trust during every interaction. 

                                      Security Service Edge (SSE): The Security Capabilities Needed for SASE

                                      SSE is a more recent term, described by Gartner’s Neil MacDonald and John Watts in the “Hype Cycle(™) for Cloud Security, 2021” in July. A good way to view SSE is a term describing the evolving security stack that sustains the SASE journey—more specifically, a set of capabilities necessary to achieve the security SASE describes, focusing on core platform requirements including cloud access security broker (CASB), secure web gateway (SWG), and zero trust network access (ZTNA). 

                                      Gartner highlights that “b​y 2025, at least 60% of enterprises will have explicit strategies and timelines for SASE adoption encompassing user, branch and edge access, up from 10% in 2020.”* A simple way to think about SSE, and the work being done by enterprise IT teams toward SSE, is as “the security side” of SASE — managing access to and protecting an organization’s data, which in so many cases today is crucial for competitive advantage. Remember, too, that IT teams are simultaneously modernizing “the networking side,” such as delivering SD-WAN capabilities. But even with such rapid adoption of SASE architecture, most businesses will not tackle SASE exactly the same way, with some focused on the core security capabilities described under SSE, others continuing to retire legacy networking investments in favor of more modern networking capabilities such as SD-WAN, and still others working throughout the infrastructure to add zero trust network access (ZTNA) capabilities and begin to phase out lagging technologies such as VPNs. SASE is the total blueprint; SSE is a subset of overall SASE requirements focused on several key security-related components of the blueprint that, when sourced from a single platform provider, offer previously unattainable efficiency of operation and economy of scale. 

                                      There is at least one more important consideration when looking at SASE, SSE, and the objectives technology teams are trying to achieve with this new architecture. Many vendors claim to check the boxes called “CASB,” “SWG,” and “ZTNA.” True differentiation — differentiation that actually enables the journey to SASE — manifests as an understanding of context. Perhaps the most important capability is distinguishing company app instances from personal app instances. Legacy security technologies provide simplistic binary, allow-or-deny controls, but for cloud apps in use by both businesses and individual users, binary is no longer sufficient: the content and context requires analysis, especially when more than two-thirds of threats are cloud-delivered**

                                      The threat and data protection efficacy of SSE within SASE requires detailed context that legacy defenses hosted in the cloud are unable to provide. SASE can support business-driven network and security transformations, but only with the right emphasis on context will SSE enable overall success with app and data transformation in direct relation to threat and data protection.

                                      Here at Netskope, we’re continuing to expand our industry-leading Secure Access Service Edge (SASE) platform capabilities to address critical customer needs in cloud security, networking, and the application of zero trust principles at every point where data is accessed in the cloud. We’ve been named by Gartner as the 2021 Gartner Peer Insights Customers’ Choice™  for both CASB and SWG, including scoring highest among all SWG vendors in the report as the highest-rated Customers’ Choice vendor (4.7/5 based on 49 reviews as of April 2021). 

                                      Learn more about SSE and SASE by getting your copy of Netskope’s newest book, Security Service Edge for Dummies.

                                      Curious about how an SSE offering can reduce risk, accelerate performance, and simplify collaboration in your own environment? Learn how Netskope SSE can help you be ready for anything on your SASE journey.

                                      Gartner and Hype Cycle are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved

                                      Gartner Peer Insights Customers’ Choice constitute the subjective opinions of individual end-user reviews, ratings, and data applied against a documented methodology; they neither represent the views of, nor constitute an endorsement by, Gartner or its affiliates.

                                      *Gartner, “2021 Strategic Roadmap for SASE Convergence.” Neil MacDonald, Nat Smith, Lawrence Orans, Joe Skorupa. March 25, 2021

                                      **Netskope Threat Labs, Cloud & Threat Report, July 20, 2021

                                      author image
                                      Jason Clark
                                      Jason Clark brings decades of experience executing successful strategic security programs and business strategies to Netskope as Chief Strategy and Marketing Officer.
                                      Jason Clark brings decades of experience executing successful strategic security programs and business strategies to Netskope as Chief Strategy and Marketing Officer.

                                      Stay informed!

                                      Subscribe for the latest from the Netskope Blog